Netgate Discussion Forum

    Configuration IPSec on version 2.3.2

      struppi

      Hello,

      After the upgrade from version 2.1.5 to 2.3.2, the Mobile IPSec with NCP VPN Client on Android and Shrew Soft on Windows didn't work anymore :'(
      Does anyone have a description of how to configure this, or a configuration that is working, so that IPSec works again as in 2.1.5?

      This is the current Logfile:

      Nov 25 09:45:26  charon      05[ENC] <7> received unknown vendor ID: cb:e7:94:44:a0:87:0d:e4:22:4a:2c:15:1f:bf:e0:99
      Nov 25 09:45:26  charon      05[ENC] <7> received unknown vendor ID: c6:1b:ac:a1:f1:a6:0c:c1:08:00:00:00:00:00:00:00
      Nov 25 09:45:26  charon      05[IKE] <7> received FRAGMENTATION vendor ID
      Nov 25 09:45:26  charon      05[IKE] <7> received Cisco Unity vendor ID
      Nov 25 09:45:26  charon      05[IKE] <7> xxx.xx.1.108 is initiating a Aggressive Mode IKE_SA
      Nov 25 09:45:26  charon      05[CFG] <7> looking for pre-shared key peer configs matching xx.xxx.27.15…xxx.xx.1.108[test@test.de]
      Nov 25 09:45:26  charon      05[CFG] <7> selected peer config "con1"
      Nov 25 09:45:26  charon      05[IKE] <con1|7>no shared key found for 'xx.xxx.27.15'[xx.xxx.27.15] - 'test@test.de'[xxx.xx.1.108]
      Nov 25 09:45:26  charon      05[ENC] <con1|7>generating INFORMATIONAL_V1 request 1881593601 [ N(INVAL_KE) ]
      Nov 25 09:45:26  charon      05[NET] <con1|7>sending packet: from xx.xxx.27.15[500] to xxx.xx.1.108[44436] (56 bytes)
      Nov 25 09:45:30  charon      05[NET] <8> received packet: from xxx.xx.1.108[44436] to xx.xxx.27.15[500] (948 bytes)
      Nov 25 09:45:30  charon      05[ENC] <8> parsed AGGRESSIVE request 0 [ SA KE No ID V V V V V V V V V V V V ]
      Nov 25 09:45:30  charon      05[ENC] <8> received unknown vendor ID: da:8e:93:78:80:01:00:00
      Nov 25 09:45:30  charon      05[IKE] <8> received XAuth vendor ID
      Nov 25 09:45:30  charon      05[IKE] <8> received draft-ietf-ipsec-nat-t-ike-03 vendor ID
      Nov 25 09:45:30  charon      05[IKE] <8> received draft-ietf-ipsec-nat-t-ike-02\n vendor ID
      Nov 25 09:45:30  charon      05[IKE] <8> received draft-ietf-ipsec-nat-t-ike-00 vendor ID
      Nov 25 09:45:30  charon      05[IKE] <8> received NAT-T (RFC 3947) vendor ID
      Nov 25 09:45:30  charon      05[IKE] <8> received DPD vendor ID
      Nov 25 09:45:30  charon      05[ENC] <8> received unknown vendor ID: eb:4c:1b:78:8a:fd:4a:9c:b7:73:0a:68:d5:6d:08:8b
      Nov 25 09:45:30  charon      05[ENC] <8> received unknown vendor ID: cb:e7:94:44:a0:87:0d:e4:22:4a:2c:15:1f:bf:e0:99
      Nov 25 09:45:30  charon      05[ENC] <8> received unknown vendor ID: c6:1b:ac:a1:f1:a6:0c:c1:08:00:00:00:00:00:00:00
      Nov 25 09:45:30  charon      05[IKE] <8> received FRAGMENTATION vendor ID
      Nov 25 09:45:30  charon      05[IKE] <8> received Cisco Unity vendor ID
      Nov 25 09:45:30  charon      05[IKE] <8> xxx.xx.1.108 is initiating a Aggressive Mode IKE_SA
      Nov 25 09:45:30  charon      05[CFG] <8> looking for pre-shared key peer configs matching xx.xxx.27.15…xxx.xx.1.108[test@test.de]
      Nov 25 09:45:30  charon      05[CFG] <8> selected peer config "con1"
      Nov 25 09:45:30  charon      05[IKE] <con1|8>no shared key found for 'xx.xxx.27.15'[xx.xxx.27.15] - 'test@test.de'[xxx.xx.1.108]
      Nov 25 09:45:30  charon      05[ENC] <con1|8>generating INFORMATIONAL_V1 request 2308373839 [ N(INVAL_KE) ]
      Nov 25 09:45:30  charon      05[NET] <con1|8>sending packet: from xx.xxx.27.15[500] to xxx.xx.1.108[44436] (56 bytes)
      Nov 25 09:46:24  charon      12[CFG] rereading secrets
      Nov 25 09:46:24  charon      12[CFG] loading secrets from '/var/etc/ipsec/ipsec.secrets'
      Nov 25 09:46:24  charon      12[CFG] loaded IKE secret for test@test.de
      Nov 25 09:46:24  charon      12[CFG] rereading ca certificates from '/usr/local/etc/ipsec.d/cacerts'
      Nov 25 09:46:24  charon      12[CFG] rereading aa certificates from '/usr/local/etc/ipsec.d/aacerts'
      Nov 25 09:46:24  charon      12[CFG] rereading ocsp signer certificates from '/usr/local/etc/ipsec.d/ocspcerts'
      Nov 25 09:46:24  charon      12[CFG] rereading attribute certificates from '/usr/local/etc/ipsec.d/acerts'
      Nov 25 09:46:24  charon      12[CFG] rereading crls from '/usr/local/etc/ipsec.d/crls'
      Nov 25 09:46:24  charon      12[CFG] received stroke: unroute 'bypasslan'
      Nov 25 09:46:24  ipsec_starter  5316  shunt policy 'bypasslan' uninstalled
      Nov 25 09:46:24  charon      13[CFG] received stroke: delete connection 'bypasslan'
      Nov 25 09:46:24  charon      13[CFG] deleted connection 'bypasslan'
      Nov 25 09:46:24  charon      09[CFG] received stroke: delete connection 'con1'
      Nov 25 09:46:24  charon      09[CFG] deleted connection 'con1'
      Nov 25 09:46:24  charon      13[CFG] received stroke: add connection 'bypasslan'
      Nov 25 09:46:24  charon      13[CFG] added configuration 'bypasslan'
      Nov 25 09:46:24  charon      08[CFG] received stroke: route 'bypasslan'
      Nov 25 09:46:24  ipsec_starter  5316  'bypasslan' shunt PASS policy installed
      Nov 25 09:46:24  charon      14[CFG] received stroke: add connection 'con1'
      Nov 25 09:46:24  charon      14[CFG] added configuration 'con1'

      Thanks
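
A way to triage a charon log like the one in this post, as an added example that is not part of the original post and is not Netgate or strongSwan code: it pairs each "no shared key found" failure with the IKE mode of its SA and with any "loaded IKE secret" line before or after it in the same excerpt. The sample log is constructed in the post's layout with documentation-range addresses, and `triage` and its field names are illustrative.

```python
import re

# Constructed sample in the charon layout shown in the post (not the poster's log).
SAMPLE_LOG = """\
Nov 25 09:45:26 charon 05[IKE] <7> 198.51.100.8 is initiating a Aggressive Mode IKE_SA
Nov 25 09:45:26 charon 05[CFG] <7> selected peer config "con1"
Nov 25 09:45:26 charon 05[IKE] <con1|7>no shared key found for '203.0.113.15'[203.0.113.15] - 'test@test.de'[198.51.100.8]
Nov 25 09:46:24 charon 12[CFG] loaded IKE secret for test@test.de
Nov 25 09:46:30 charon 05[IKE] <9> 198.51.100.8 is initiating a Aggressive Mode IKE_SA
Nov 25 09:46:30 charon 05[IKE] <con1|9>no shared key found for '203.0.113.15'[203.0.113.15] - 'other@test.de'[198.51.100.8]
"""

# timestamp, subsystem, optional <conn|sa> tag, message
LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+charon\s+\d+\[(\w+)\]\s+(?:<([^>]*)>)?\s*(.*)$")
NO_KEY = re.compile(r"no shared key found for '(.+?)'\[[^\]]*\] - '(.+?)'\[([^\]]*)\]")
MODE = re.compile(r"is initiating an? (\w+) Mode IKE_SA")
LOADED = re.compile(r"loaded IKE secret for (.+)")

def triage(log_text):
    """Return one record per PSK lookup failure found in a charon log excerpt."""
    modes, loads, failures = {}, [], []
    for idx, raw in enumerate(log_text.splitlines()):
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a charon line (e.g. ipsec_starter)
        stamp, _subsys, tag, msg = m.groups()
        sa = tag.rsplit("|", 1)[-1] if tag else None  # "con1|7" -> "7"
        if (hit := MODE.search(msg)):
            modes[sa] = hit.group(1)
        elif (hit := LOADED.search(msg)):
            loads.append((idx, set(hit.group(1).split())))
        elif (hit := NO_KEY.search(msg)):
            failures.append({"line": idx, "time": stamp, "sa": sa,
                             "local_id": hit.group(1), "remote_id": hit.group(2),
                             "remote_addr": hit.group(3)})
    for f in failures:
        ids = {f["local_id"], f["remote_id"]}
        f["mode"] = modes.get(f["sa"], "unknown")
        # Only reflects this excerpt: was a secret for either identity loaded
        # earlier or later than the failed lookup?
        f["secret_loaded_before"] = any(i < f["line"] and ids & s for i, s in loads)
        f["secret_loaded_after"] = any(i > f["line"] and ids & s for i, s in loads)
    return failures

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec)
```
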
